Can quantum cryptography secure the Internet in the quantum computer age?

Advances in quantum mechanics will bring us unimaginable computational power, unlocking the true potential of machine learning by enabling us to understand complex relationships between many different data sets in seconds. But it will also increase security risks in a data-driven world. As a result, Orange is exploring the future of quantum cryptography in co-innovation programs with a range of governmental, technology and university partners.

A classical computer encodes information as binary bits, which can be a 1 or 0, meaning it can only perform calculations in sequence. In contrast, quantum computers store information in qubits that can be both on and off at the same time. This allows a quantum computer to explore the answers to many inputs simultaneously – calculating the relationships between them at exceptional speed. For example, Google’s Sycamore quantum computer recently solved a complex computation in 200 seconds that would have taken today’s supercomputers 10,000 years to finish.

As is often the case, this next major advance in computing can be used for both good and bad. Such a breakthrough could lead to new drug discoveries, better weather predictions and accurate natural language processing. But it could also be used to launch cyberattacks that enable cybercriminals to steal an enterprise’s customer data and intellectual property (IP). This is why Orange is contributing to the European Union’s quantum communication infrastructure program (called Quantum Flagship), with a particular focus on quantum key distribution, in addition to running a separate co-innovation program with the Université Côte d’Azur (UCA).

IDC analysts are predicting that quantum computing will bring competitive advantages to Fortune Global 500 companies as early as 2023, while also creating new security risks. Meanwhile, Mark Horvarth, Senior Director Analyst at Gartner, suggests that, “Although quantum computing is still nascent, it potentially undermines many widely-used cryptographic algorithms. Security and risk management leaders must assess enterprise dependence on cryptography and plan for agile migration ‘postquantum’ algorithms.”

Enterprises say the COVID-19 crisis has prompted their boards to review the broad range of risks they face. The opportunities and threats presented by quantum computing will soon be coming onto their radar screens. With the sudden economic shift from physical to digital channels during the pandemic, digital dependency and resilience is a top priority today. It’s clear that security innovation needs to go hand-in-hand with new waves of technological innovation like quantum computing.

The age of quantum cryptographic security

Today, encryption systems use numbers that are extremely difficult to factorize to enable secure data exchanges. They use an algorithm to encrypt the data. A key is then used by the receiving party to decrypt the data so it is readable. It would take a classical computer around 300 trillion years to break an RSA 2048-bit encryption key. It’s estimated that a quantum computer could break 2048-bit RSA encryption in just eight hours!

An alternative is to use quantum cryptography, which relies on the fundamental laws of physics and quantum mechanics at the core of its security formula. Quantum cryptography uses the quantum properties of photons to create an unbreakable crypto algorithm. It has several advantages in that it is almost impossible to hack and can detect attacks in real time.

However, it may take some time to find a workable quantum cryptography-based security solution. Two serious alternatives already exist, and research has been going on for some time. The first is commonly referred to as post-quantum cryptography and is based on mathematical problems that are different from those currently used. The second relies on exploiting quantum physics to search out new cryptographic solutions.

Taking quantum cryptography forward

The initial concept for quantum cryptography came from Charles Bennet and Gilles Brassard, who came up with the BB84 quantum key distribution protocol in the 1980s. It’s built on the “quantum non-cloning” principle, which states that it’s impossible to create an exact replica of an unknown quantum state.

Quantum key distribution (QKD) is a way of distributing and sharing the secret keys that are essential for cryptographic protocols. The process must also make sure they remain private between the communicating parties. Typically, information is encoded on single photons, and once keys have been securely established between both parties, their exchanges are secure.

There is one stumbling block, however. For the whole process to be totally secure, it must be possible for both communicating parties to be able to authenticate each other via another channel. Without this safety facility, an attacker could impersonate either party during the execution of the QKD and eventually discover the secret key.

The big issue is that quantum cryptography doesn’t yet have a novel solution for this alternate channel. It is thus essential to use traditional secret-key cryptography mechanisms, such as a “one-time pad” system in which a private key is generated randomly and used only once to encrypt a message. This is then decrypted by the receiver using a matching one-time pad and key. Messages encrypted with keys based on randomness have the advantage of, theoretically, there being no way to "break the code" by analyzing a succession of messages.

Orange partners with university in quantum cryptographic research

Orange is already researching the use of quantum physics as a solution for securing future communications. For example, it is part of the European CiViQ (Continuous Variable Quantum Communications) project, which forms part of the EU’s “Quantum Flagship” initiative. CiViQ is looking into the development of flexible, low-cost QKD that can be easily integrated into emerging telecommunications infrastructures.

In addition, Orange recently signed an agreement with the Université Côte d’Azur (UCA) to assess the use of quantum cryptographic key exchange over a city network. Orange is providing a dedicated dark fiber network for the exchange of quantum states, along with cryptographic expertise. The UCA is contributing expertise in the fields of engineering and quantum photonics technologies. The goal of the project is to implement a completely secure channel system based on quantum physics.

One of the main issues to solve in quantum cryptography is the speed of establishing keys because of the complexity of entangling photons. To overcome this, Orange and UCA are looking at correction codes for errors and noise detection to limit data loss and guarantee the highest level of data exchange and confidentiality between parties. The project will also look at using various quantum secret key extraction protocols in order to guarantee the highest level of data exchange confidentiality, while effectively responding to the different use cases.

Collaborating on a secure future

Quantum computing will dramatically increase our ability to analyze data at scale and speed. It also creates new security threats, including the risk of hacking and espionage. This makes the work being carried out by Orange and UCA’s co-innovation initiative and the EU Quantum Flagship program vital in ensuring the integrity of authentication and communications as technology advances in our hyperconnected and digitally-dependent world.

Read this blog for more information on the EU’s program on quantum cyptography.

Jan Howells

Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.